Extracted

• • Target

    20ebc724a3af95649d9cdc131a96f6fe_JaffaCakes118

  • Size

    847KB

  • MD5

    20ebc724a3af95649d9cdc131a96f6fe

  • SHA1

    19fd3ca19e952b2b732196420855416781a6fc5c

  • SHA256

    8397f0112310c6a16da004369168fadda34f2a4b29dcfcfee9879f6e90ed7e33

  • SHA512

    49dd8f8f41cfdd1c962de4f5c608a41e61f70d7bc733d459ed55a5f104bfd155dd60fee15fdae9b6f3f040cc028cc1b748b07ddbb8195f0acb9384fcdfb67699

  • SSDEEP

    24576:B6EqkCEBNkqQ5Cv+uSlubgSHKAq4d0mVOdQS0q:BvqMNFmH4sVgdnO

  Score

  10^/10

  metasploitbackdoorexecutionpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Creates new service(s)

    persistenceexecution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2